Trojan detection using MIB-based IDS / IPS system

机译：使用基于MIB的IDS / IPS系统进行木马检测

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Identifying and detecting Trojans (malicious software installed and run on a host, without the acquiescence of the host's owner) is a major element in delivering computer security. As with any computer application, installation of a Trojan leaves a ldquofootprintrdquo on the systems resources. However, detection is non-trivial: the detector must be able to recognize the symptoms against a background of a range of other (ldquosaferdquo) activities, which also consume system resources. Furthermore, such detection activity should be at least resource neutral (in other words, the resources consumed by the detection process should not be more than the resources saved in detection). Therefore, we wished to explore the potential of an economical approach that explicitly takes into account resources used. In order to achieve our aim, we explore the possibility of making use of the existing widely deployed management information database (the MIB) as the basis for detecting attempts to install Trojan software on networked systems. We identify the characteristics of typical attacks in respect of the impact they have on particular MIB objects, and propose a decision-tree based algorithm which can detect Trojan activity. We identify the likely effectiveness of this system, with particular reference to the need for such information to be gathered in a timely manner.

机译：识别和检测特洛伊木马（在主机上安装并运行的恶意软件，而无需主机所有者的默认）是提供计算机安全性的主要因素。与任何计算机应用程序一样，木马的安装在系统资源上留下了“足迹”。但是，检测并非易事：检测器必须能够在一系列其他（“安全”）活动的背景下识别症状，这些活动也消耗系统资源。此外，这种检测活动至少应是资源中立的（换句话说，检测过程所消耗的资源不应大于检测中节省的资源）。因此，我们希望探索明确考虑所使用资源的经济方法的潜力。为了实现我们的目标，我们探索了利用现有的广泛部署的管理信息数据库（MIB）作为检测尝试在网络系统上安装Trojan软件的基础的可能性。针对典型攻击对特定MIB对象的影响，我们确定了典型攻击的特征，并提出了一种基于决策树的算法，可以检测特洛伊木马活动。我们确定了该系统的可能有效性，尤其是需要及时收集此类信息。

著录项

来源
《Information, Communication and Automation Technologies, 2009. ICAT 2009》|2009年|1-5|共5页
会议地点 Sarajevo(BA);Sarajevo(BA)
作者
Pattinson C.; Hajdarevic K.;
展开▼
作者单位

Innovation North Fac., Leeds Metropolitan Univ., Leeds, UK;

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
database management systems; decision trees; invasive software; MIB-based IDS-IPS system; Trojan detection; computer security; decision-tree based algorithm; intrusion detection system; intrusion prevention system; management information database; Anomaly detection; Management Information Base; Network security; Trojan attacks;

机译：数据库管理系统;决策树;入侵软件;基于MIB的IDS-IPS系统;木马检测;计算机安全;基于决策树的算法;入侵检测系统;入侵防御系统;管理信息数据库;异常检测;管理信息库;网络安全;木马攻击;

相似文献

外文文献
中文文献
专利

1. Detection of Trojans Using a Combined Ring Oscillator Network and Off-Chip Transient Power Analysis [J] . XUEHUI ZHANG, ANDREW FERRAIUOLO, MOHAMMAD TEHRANIPOOR ACM Journal on Emerging Technologies in Computing Systems . 2013,第3期

机译：使用组合环形振荡器网络和片外瞬态功率分析检测木马
2. Engineering of fluorescent or photoactive Trojan probes for detection and eradication of β-Amyloids [J] . Amal A. Aziz, Rafat A. Siddiqui, Zareen Amtul Drug delivery. . 2020,第1期

机译：荧光或光活性特洛伊木马探头的工程检测和消除β-淀粉样蛋白
3. Reliability of Physical Systems: Detection of Malicious Subcircuits (Trojan Circuits) in Sequential Circuits [J] . Matrosova A. Yu., Kirienko I. E., Tomkov V. V., Russian physics journal . 2016,第8期

机译：物理系统的可靠性：顺序电路中恶意子电路（特洛伊木马电路）的检测
4. Trojan detection using MIB-based IDS/IPS system [C] . Colin Pattinson, Kemal Hajdarevic International Symposium on Information, Communication and Automation Technologies . 2009

机译：木马检测使用基于MIB的IDS / IPS系统
5. A Trusted and Efficient Security Approach for the Detection of Hardware Trojans and Authentication of FPGA-Based Systems [D] . Amsaad, Fathi. 2017

机译：一种可靠且高效的安全方法，用于检测硬件木马和基于FPGA的系统的身份验证
6. Hardware Trojans in Chips: A Survey for Detection and Prevention [O] . Chen Dong, Yi Xu, Ximeng Liu, 2020

机译：筹码中的硬件特洛伊木马：检测和预防调查
7. Software for Computer Systems Trojans Detection as a Safety-Case Tool [O] . Савенко, Олег Станіславович, Savenko, O., Лисенко, Сергій Миколайович, 2012

机译：作为安全案例工具的计算机系统木马检测软件
8. Principle of Equivalence and the Trojan Asteroids [R] . Orellana, R. , Vucetich, H. 1986

机译：等价原理与特洛伊小行星

Trojan detection using MIB-based IDS / IPS system

摘要

著录项

相似文献

相关主题

期刊订阅